Can you post an example of each?   It will help us see what you are trying to achive

I have switch configurations with various IP addresses referenced throughout (i.e. virtual interfaces, ntp servers, snmp server, dns name servers, default gateway, etc.).  All those IP addresses in my configs reside in a couple different subnets (i.e. 10.80.10.0/24, 10.80.11.0/24).

Let's say a bad actor logged onto a switch and configured an interface and snmp-server in 192.168.1.0/24, outside of those two subnets above.  I want to write a policy in NetMRI that would alert on that "untrusted subnet" configuration change.  In other words, any configured IPs within those two subnets above would be "safe", anything deviating from those I would want to know about.

I'm struggling with how to write the policy and am looking for some guidance.

Well I would approach it a diffrent way using Rule Logic Builder and Negative Look Ahead in RegEX

What the above mean is that if any other logging server besides 192.168.1.11 this will through an error

So now you can do that that for Logging, TACACS Servers, SNMP, etc...

I hope this helps

Sif,

Good tip on the negative lookahead.  Is that how the CPD is implemented when one has:

  required:

    access-list 123 permit ip 1.1.1.1

 invalid:

    access-list 123 .*

I will have to double check CPD, I haven't used it in like 7 years

Of course you know I had to test it 

And yes you are correct CPD does worked that way

I know that CPD has been deprecated but it's so intuitive for "mortals" who want to copy/paste config snippets.  And it has always accepted regex if one used that.

Sbaksh,

Thank you for the information here; this seems to work! 

One issue now though is that the rules only pick up the *first* violation in the configuration.  The second violations (and beyond) seem to be ignored in my tests.  Is there a way to find and report on *all* violations instead of just the first one within Rule Logic Builder?

My final related question is that I am trying to build the rule checks against *custom* fields I have set on some devices.  I only see a fixed list of default attributes to choose from.  Am I missing something or am I just stuck with the default attributes here?

Thanks again,

Rich

Can you post your rule?

Either a screenshot or upload the XML